package com.my.demo.auth.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

import javax.annotation.Resource;
import javax.sql.DataSource;
import java.util.concurrent.TimeUnit;

/**
 * Created by LeiXuMeng on 2017/7/14.
 */
@Configuration
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

	@Resource
	private DataSource dataSource;
	@Resource
	private AuthenticationManager authenticationManager;

	@Override
	public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
		//        authorizationServerSecurityConfigurer.checkTokenAccess("isAuthenticated()");
		authorizationServerSecurityConfigurer.checkTokenAccess("permitAll()");
		authorizationServerSecurityConfigurer.allowFormAuthenticationForClients();
	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
		clientDetailsServiceConfigurer.jdbc(dataSource);
		// ClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
		// clientDetailsServiceConfigurer.withClientDetails(clientDetailsService);
		//clientDetailsServiceConfigurer.inMemory()
		//        .withClient("my-trusted-client")//客户端ID
		//        .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
		//        .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
		//        .scopes("read", "write", "trust")//授权用户的操作权限
		//        .secret("secret")//密码
		//        .accessTokenValiditySeconds(120).//token有效期为120秒
		//        refreshTokenValiditySeconds(600);//刷新token有效期为600秒
	}

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		endpoints.authenticationManager(authenticationManager);
		endpoints.tokenStore(new JdbcTokenStore(dataSource));
		// 配置TokenServices参数
		DefaultTokenServices tokenServices = new DefaultTokenServices();
		tokenServices.setTokenStore(endpoints.getTokenStore());
		tokenServices.setSupportRefreshToken(false);
		tokenServices.setClientDetailsService(endpoints.getClientDetailsService());
		tokenServices.setTokenEnhancer(endpoints.getTokenEnhancer());
		tokenServices.setAccessTokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(30)); // 30天
		endpoints.tokenServices(tokenServices);
	}
}
